Four individuals, all under the age of 21, have been arrested in connection with a series of cyberattacks that significantly impacted major UK retailers including Marks & Spencer, Co-op, and Harrods. The attacks, which involved ransomware, led to substantial financial losses and operational disruptions, with Marks & Spencer alone facing an estimated £300 million hit.

Youthful Suspects Apprehended in Major Cybercrime Bust

British authorities have made significant strides in their investigation into the high-profile cyberattacks that crippled several prominent UK retailers. The National Crime Agency (NCA) announced the arrest of four young individuals: two 19-year-old males, a 17-year-old male, and a 20-year-old woman. The arrests took place in the West Midlands and London.

These individuals are suspected of various offenses, including:

• Computer Misuse Act violations

• Blackmail

• Money laundering

• Participation in organized crime

All suspects were apprehended at their residences, and their electronic devices have been confiscated for forensic analysis. The NCA's National Cyber Crime Unit is leading the ongoing investigation.

The Devastating Impact of the Attacks

The cyberattacks, particularly the ransomware incident in April 2025, had a profound impact on the affected businesses. Marks & Spencer, a cornerstone of British retail, suffered the most severe consequences:

• Suspension of online clothing sales for nearly seven weeks.

• Estimated operating profit loss of approximately £300 million ($400 million).

• Online clothing orders resumed on June 10 after a 46-day suspension, though click-and-collect services remain unrestored.

The overall financial impact of the attacks on Marks & Spencer and Co-op is estimated to be between £270 million ($363 million) and £440 million ($592 million).

Key Takeaways

• Four individuals under 21 arrested in connection with major cyberattacks.

• Marks & Spencer faced significant operational and financial disruption, including a £300 million loss.

• The attacks are believed to be linked to a decentralized cybercrime group known as Scattered Spider, part of a larger collective called The Com.

• Scattered Spider is known for its advanced social engineering tactics, often targeting IT help desks.

• Marks & Spencer Chairman Archie Norman urged for mandatory reporting of material cyberattacks by UK businesses.

The Role of Organized Cybercrime

While the NCA has not publicly named the specific organized crime group involved, it is widely believed that some of these attacks were orchestrated by "Scattered Spider." This decentralized cybercrime crew is notorious for its sophisticated social engineering techniques, which they use to breach organizations and deploy ransomware. Members of Scattered Spider are often young, native English speakers, giving them an advantage in social engineering by posing as employees to gain trust.

Scattered Spider is reportedly part of a larger, loosely-knit collective known as "The Com," which is implicated in a broad spectrum of criminal activities, including:

• Social engineering

• Phishing

• SIM swapping

• Extortion

• Sextortion

• Swatting

• Kidnapping

• Murder

Experts note that Scattered Spider's success stems not from novel tactics, but from their expertise in social engineering and persistent efforts to gain initial access. They often focus on a single sector at a time, using consistent tactics like creating convincing phishing domains to trick employees into revealing credentials.

Call for Enhanced Cybersecurity Measures

In the wake of these attacks, Marks & Spencer Chairman Archie Norman has advocated for a legal requirement for British businesses to report material cyberattacks. He highlighted that two recent major attacks on large UK companies had gone unreported, underscoring a potential gap in cybersecurity transparency and accountability. The retailer also contacted the U.S. FBI regarding the cyberattack, indicating the international scope of such investigations.

Cybersecurity experts emphasize the importance of proactive measures, such as training help desk staff on robust identity verification processes and deploying phishing-resistant multi-factor authentication (MFA), to defend against such intrusions. As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• UK police arrest four over cyberattacks on Marks & Spencer, Co-op and Harrods, FashionNetwork.com.

• Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods, The Hacker News.

• UK police arrest four over cyberattacks on M&S, Co-op and Harrods, The Economic Times.